NAT absolutely does provide good security. It denies all incoming traffic that is not part of an est...

freeopinion • today at 12:59 AM • 1 reply • view on HN

NAT absolutely does provide good security. It denies all incoming traffic that is not part of an established connection.

Of course, that can be accomplished trivially without NAT. It can be done in IPv4 and in IPv6 with the simplest of routing rules.

So there is nothing about a lack of NAT in IPv6 that makes it less secure.

Replies

Dagger2 • today at 1:25 AM

But... it doesn't do that. If incoming traffic isn't part of an established connection, NAT will just ignore it. It doesn't deny that traffic, it just lets it pass through to the router without translating the addresses in it.

The router will then do exactly the same thing it would've done if no NAT was involved at all: if the dest IP in the packet is the router itself then the router will accept or refuse the connection depending on whether anything is listening on the respective port, and if the dest IP is on the LAN then it will route it onto the LAN.

➕ show 2 replies

alt Hacker News

Replies